
Installing and configuring Active Directory Domain Services using PowerShell


In this tutorial, we will learn how to install Active Directory Domain Services using PowerShell cmdlets.

Before installing, we will check which features are available to install, using the Get-WindowsFeature cmdlet.

The result will be as below, and you can see that Active Directory Domain Services is available to install.

    PS> Get-WindowsFeature

    Display Name                                        Name                    Install State
    ------------                                        ----                    -------------
    [ ] Active Directory Certificate Services           AD-Certificate          Available
        [ ] Certification Authority                     ADCS-Cert-Authority     Available
        [ ] Certificate Enrollment Policy Web Service   ADCS-Enroll-Web-Pol     Available
        [ ] Certificate Enrollment Web Service          ADCS-Enroll-Web-Svc     Available
        [ ] Certification Authority Web Enrollment      ADCS-Web-Enrollment     Available
        [ ] Network Device Enrollment Service           ADCS-Device-Enrollment  Available
        [ ] Online Responder                            ADCS-Online-Cert        Available
    [ ] Active Directory Domain Services                AD-Domain-Services      Available
    [ ] Active Directory Federation Services            ADFS-Federation         Available

Run the cmdlet below to install Active Directory Domain Services, including all the management tools (a reboot is needed to complete the installation).

Install-WindowsFeature -IncludeManagementTools AD-Domain-Services

To verify the installation, run Get-WindowsFeature once again and check the results: the status of Active Directory Domain Services should have changed to Installed, as shown below.
    PS C:\> Get-WindowsFeature

    Display Name                                        Name                    Install State
    ------------                                        ----                    -------------
    [ ] Active Directory Certificate Services           AD-Certificate          Available
        [ ] Certification Authority                     ADCS-Cert-Authority     Available
        [ ] Certificate Enrollment Policy Web Service   ADCS-Enroll-Web-Pol     Available
        [ ] Certificate Enrollment Web Service          ADCS-Enroll-Web-Svc     Available
        [ ] Certification Authority Web Enrollment      ADCS-Web-Enrollment     Available
        [ ] Network Device Enrollment Service           ADCS-Device-Enrollment  Available
        [ ] Online Responder                            ADCS-Online-Cert        Available
    [X] Active Directory Domain Services                AD-Domain-Services      Installed
    [ ] Active Directory Federation Services            ADFS-Federation         Available

After this, we need to promote the server to a domain controller to complete the configuration.
As this is a completely new setup with no existing forest, we are configuring it as the first domain controller in a new forest.
To do this, run the cmdlet below.
Install-ADDSForest
It will ask for a few inputs before proceeding, as shown below.

I have given the domain name and the safemodeadminpassword to proceed, and typed "Y" to promote the domain controller.
    PS C:\> Install-ADDSForest

    cmdlet Install-ADDSForest at command pipeline position 1
    Supply values for the following parameters:
    DomainName: test.com
    SafeModeAdministratorPassword:
    Confirm SafeModeAdministratorPassword:

    The target server will be configured as a domain controller and restarted when this operation is complete.
    Do you want to continue with this operation?
    [Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): Y

It will validate the environment, the user input and the prerequisites for domain controller operation before proceeding.

    PS C:\> Install-ADDSForest

    Install-ADDSForest
        Validating environment and user input
        Verifying prerequisites for domain controller operation.

    Do you want to continue with this operation?
    [Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): y
    WARNING: Windows Server 2012 R2 domain controllers have a default for the security setting named "Allow cryptography
    algorithms compatible with Windows NT 4.0" that prevents weaker cryptography algorithms when establishing security
    channel sessions.

    For more information about this setting, see Knowledge Base article 942564
    (http://go.microsoft.com/fwlink/?LinkId=104751).

After installation, you can verify the server's role with the net accounts command: the computer role will appear as Primary. Earlier it was Server, as there was no AD DS role installed on this machine. See the output below for more information.
    PS> net accounts
    Force user logoff how long after time expires?:       Never
    Minimum password age (days):
    Maximum password age (days):
    Minimum password length:
    Length of password history maintained:                None
    Lockout threshold:                                    Never
    Lockout duration (minutes):
    Lockout observation window (minutes):
    Computer role:                                        PRIMARY
    The command completed successfully.

You will also find the following administrative tools for managing Active Directory:
Active Directory Administrative Center 
Active Directory Domains and Trusts 
Active Directory Module for Windows PO... 
Active Directory Sites and Services 
Active Directory Users and Computers 
ADSI Edit
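
The steps above can be combined into one guarded script. This is an added example, not the author's code: the `-Promote` switch belongs to this script only, and the `Status` and `Message` properties read from the validation result are assumed from the ADDSDeployment module's output.

```powershell
#Requires -RunAsAdministrator
# Added example (not the tutorial author's script). -Promote is this script's own switch.
param(
    [string]$DomainName = 'test.com',   # domain name used in the tutorial
    [switch]$Promote                    # without it, the script only validates
)
$ErrorActionPreference = 'Stop'

# Win32_ComputerSystem.DomainRole: 2/3 = server, 4 = backup DC, 5 = primary DC.
# This is the same fact "net accounts" reports as Computer role SERVER / PRIMARY.
$role = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole
if ($role -ge 4) {
    Write-Output "Already a domain controller (DomainRole=$role); nothing to do."
    return
}

# Step 1: install the role only when it is missing, and check the result object.
if ((Get-WindowsFeature -Name AD-Domain-Services).InstallState -ne 'Installed') {
    $r = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
    if (-not $r.Success) { throw 'AD-Domain-Services installation failed.' }
    if ("$($r.RestartNeeded)" -eq 'Yes') {
        Write-Warning 'Restart the server, then run this script again.'
        return
    }
}

# Step 2: prompt for the DSRM password as a SecureString so it is never
# written into the script, the command history or a transcript.
$dsrm = Read-Host -AsSecureString -Prompt 'SafeModeAdministratorPassword'

# Step 3: run the prerequisite validation on its own; it changes nothing.
Import-Module ADDSDeployment
$checks = Test-ADDSForestInstallation -DomainName $DomainName -SafeModeAdministratorPassword $dsrm
$checks | Format-List Status, Message
if ($checks | Where-Object { "$($_.Status)" -eq 'Error' }) {
    throw 'Prerequisite validation reported errors; not promoting.'
}

# Step 4: promote. The confirmation prompt is kept (no -Force) and the
# server restarts when the operation completes.
if ($Promote) {
    Install-ADDSForest -DomainName $DomainName -SafeModeAdministratorPassword $dsrm
} else {
    Write-Output 'Validation passed. Re-run with -Promote to create the forest.'
}
```

The Directory Services Restore Mode password entered here is the recovery credential for the domain controller, so store it in a password vault as soon as it is set.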

This concludes the tutorial.

Thank you! Happy Learning :)
